Tue 14 May 2024

GNOME OS + systemd-sysupdate

Did you know there’s a simple way to try the most cutting-edge GNOME software?

GNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. It serves as a reference for developers and testers. This operating system is designed and built around the modern systemd and GNU-based userland built from the Freedesktop SDK.

Codethink is working in collaboration with the GNOME Foundation, through the Sovereign Tech Fund (STF), on the general goal of making GNOME OS nightly a viable daily driver for QA.

Currently, GNOME OS uses a library and set of utilities called OSTree to deploy the root filesystem and manage updates. This means that the base OS is immutable (read-only) and updates can be quickly downloaded as deltas. OSTree allows easy rollback to multiple previous versions of the root filesystem, which is essential for a testing-first distribution focused on finding bugs.

However, systemd 251, released in May 2022, introduced a new update system called systemd-sysupdate. Several tasks are in flight or planned to reach our general goal, and migrating GNOME OS to sysupdate is one of them. Migrating to sysupdate would bring the following benefits:

  • Provide a trust chain from the bootloader, all the way up, both online and offline;
  • Achieve a closer integration with systemd;
  • Advance our support for image-based design and its benefits, e.g., immutability, auto-updating, adaptability, factory reset, uniformity and other modernised security properties around image-based OSes.

Lennart Poettering, the creator of systemd, has shared his view of how to put together a number of components for building Linux-based operating systems and ways forward for Linux OS development, which inspired part of this project.

How close are we?

Now, to complete this migration, there are two main pieces of work involved.

The first is migrating the boot process and the root filesystem. Valentin David did the bulk of this work which landed around October 2023 as a new ‘sysupdate’ family of GNOME OS images. This means that we currently ship two GNOME OS variants, one with ostree and another with sysupdate.

The second part is integrating sysupdate with GNOME. Currently, system updates can only be managed with a command-line tool that needs to run as root. It can be run manually if you know what you’re doing, or from a systemd timer to apply upgrades unattended.

To enable a proper integration of sysupdate with GNOME, Adrian Vovk developed a D-Bus service that, together with polkit, will allow unprivileged software to manage these updates. This will also allow the GNOME Software app to drive the updates. His work includes a command line utility called updatectl that makes use of the D-Bus service.

What else is missing?

Besides the work described above, there are other missing pieces that need to be addressed.

We are working hard to address the remaining issues, upstream our work, and deprecate the ostree variant of GNOME OS. The main tasks that remain are:

  • Finish and land Adrian’s D-Bus service and command-line tool upstream into systemd. (See the merge request).
  • Develop a plugin for GNOME Software to manage sysupdate updates, through the D-Bus service. (See the merge request).
  • Add support for delta upgrades. Currently systemd-sysupdate can only download an entire tarball or disk image and apply it. This isn’t ideal for a frequently updated system like GNOME OS.
  • Track multiple parallel versions of the OS, allowing users to run a stable branch of GNOME in addition to the latest unstable version.

To follow our progress, keep an eye on the Codethink blog and This Week In GNOME where we’ll be sharing progress updates.

Thumbnail: Creative Commons CC-BY-SA
